“Cross-chain bridge Nomad announced up to a 10% bounty through appealing on the website and Twitter for hackers after its platform has been exploited in the cyberattack earlier this week that led to nearly $200 million loss” [Rajpalsinh. Nomad Bridge Announces 10% Bounty For Hackers to Recover Funds. (Accessed August 6, 2022)].
‘The bounty is for those who come forward now, and for those who have already returned funds,’ Nomad said. Nomad said it won’t take legal action against any hackers who return 90% of the assets they took, as it will consider these individuals to be ‘white hat’ hackers. White hats are like the ‘ethical hackers’ in the cybersecurity world. They cooperate with organizations to alert them to issues in their software.
[Browne, R. Hacked crypto startup Nomad offers a 10% bounty for return of funds after $190 million attack. (Accessed August 6, 2022)].
“In an official statement, Pranay Mohan, co-founder and CEO of Nomad, commented: ‘The most important thing in crypto is community, and our number one goal is restoring bridged user funds” [Fortis, S. Nomad announces $19-million bounty for lost funds from recent hack. (Accessed August 6, 2022). "We will not prosecute white hats,’ Pranay Mohan, chief executive officer of Nomad, said in the statement. 'But we will continue to work with our partners, intelligence firms, and law enforcement to pursue all other malicious actors to the fullest extent under the law” [Ossinger, J. Crypto Bridge Nomad Offers 10% Bounty After $190 Million Hack. (Accessed August 6, 2022)].
This bounty “comes after a vulnerability in Nomad’s code allowed hackers to make off with around $190 million worth of tokens. Users were able to enter any value into the system and then withdraw the funds, even if there weren’t enough assets available on deposit. The nature of the bug meant users didn’t need any programming skills to exploit it. Once others caught on to what was going on, they piled in and carried out the same attack” [Browne, supra].
In the recent update on their fund recovery, Nomad claimed the successful recovery of $32 million in funds from 86 wallet addresses. Nomad Bridge’s official statement revealed that they are closely working with TRM Labs and law enforcement to identify wrongdoers and restore their funds. It is also working with Anchorage Digital to accept and keep the ETH and ERC-20 tokens safe.
“Nomad is a bridge protocol, a tool for transferring tokens across blockchains to make different networks interoperable. Bridges have become one of the crypto sector’s weak points after numerous hacks – some $2 billion worth of tokens have been swiped from them in 2022, consultancy Chainalysis estimates” [Ossinger, supra].
Given the sheer quantity of assets locked inside bridges — plus bugs making them vulnerable to attacks — they’re known to be an appealing target for hackers. ‘Currently those bridges accumulate a lot of money,’ Adrian Hetman, tech lead at crypto security firm Immunefi, told CNBC. ‘When there is a lot of money in certain places hackers are prone to find vulnerability there and steal that money.’
There’s a reason bridges are more important than an average stretch of road – and why holes in them are more dangerous. As the cryptocurrency world has grown more complex, more and more transactions have come to rely on so-called crypto bridges that enable transactions involving a wide range of tokens. In June, hackers looted about $100 million from crypto bridge Horizon. Even before that hack, money stolen from bridges had exceeded $1 billion, a stark reminder that just because something is useful, fast and cheap doesn’t mean it’s safe.
[Kharif, O. Understanding Crypto Bridges and $1 Billion in Thefts. (Accessed August 6, 2022)].
This article was originally published on Leo Finance as well as several other tribes on the Hive blockchain.